by isaiahturner 4388 days ago
I came here to talk a little about Yo. I was one of the original people to "hack" the app and updated the message to say "Tweet #YoBeenHacked" at about 3AM EST on June 20th. This is the hashtag that has since been used. Approximately 15 minutes after doing this, I received a call from Or, the founder and CEO of Yo. Or, Chris, and I talked for about an hour and fixed a few issues then. From that point on, the message could not be updated.

The issues with Yo were not entirely Or's fault. As he put it, the app was intended as a "prototype" and had it not blown up so fast, this would not have been an issue. A common claim is "You have 1 million dollars, hire someone to fix this!" which Or had already done. A meeting with the Parse team had already been scheduled long before today, and had everyone tried to hack the app today, the attempts would fail. During this meeting, Parse's Security team, Or and I fixed the security issues. I would be happy to answer any other questions; post below.

During the conversation Chris and I were both offered freelance jobs. Chris declined, I accepted. I currently am working on a feature for Yo to update your username.

3 comments

I was asked "Is it possible to find the API keys in the binary?"

My answer is yes, it's insanely easy. Don't try to secure your API keys; instead, try to secure your API.

Additionally, securing Parse requires setting an ACL. This is not a huge deal but many apps do not. If you use Parse, please check your ACL.
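
One way to act on the "check your ACL" advice in the comment above, as an added example that is not part of the thread and is not Yo's or Parse's code: a Python audit over an exported Parse class. It assumes the export is JSON with a `results` array and that each object's `ACL` field maps `"*"` (public), user ids or `role:` names to `read`/`write` flags; the sample objects and ids are constructed.

```python
import json

# Constructed sample in the shape of a Parse class export ("results" array).
# Object ids, user ids and field values are made up for illustration.
SAMPLE_EXPORT = json.loads("""
{"results": [
  {"objectId": "a1", "message": "Yo", "ACL": {"*": {"read": true, "write": true}}},
  {"objectId": "b2", "message": "Yo", "ACL": {"*": {"read": true}, "u123": {"read": true, "write": true}}},
  {"objectId": "c3", "message": "Yo"},
  {"objectId": "d4", "message": "Yo", "ACL": {"role:Admin": {"write": true}, "u123": {"read": true}}}
]}
""")

PUBLIC = "*"  # ACL key that applies to every client, authenticated or not


def audit_object(obj):
    """Return a list of findings for one exported Parse object."""
    acl = obj.get("ACL")
    if acl is None:
        # No ACL field: nothing restricts this object at the object level.
        return ["no ACL set"]
    findings = []
    public = acl.get(PUBLIC, {})
    if public.get("write"):
        findings.append("public write")  # any client can modify or delete
    if public.get("read"):
        findings.append("public read")   # may be intended; review per class
    return findings


def audit_export(export):
    """Map objectId -> findings, only for objects that have any."""
    report = {}
    for obj in export.get("results", []):
        findings = audit_object(obj)
        if findings:
            report[obj["objectId"]] = findings
    return report


if __name__ == "__main__":
    for object_id, findings in audit_export(SAMPLE_EXPORT).items():
        print(f"{object_id}: {', '.join(findings)}")
```
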
How was the Yo app hacked to play sounds ('rick roll') that weren't originally in the app binary?

Or came to the conclusion those people changed the binary and that they were on jailbroken devices. Those videos were faked, so to say.

Gotcha. The binary only has two .mp3 files: yo.mp3 and yoyo.mp3.